As the ubiquity and importance of digitally stored data continue to rise, the importance of keeping that data secure rises accordingly. While companies and individuals seek to protect their data, other individuals, organizations, and corporations seek to exploit security holes in order to access that data and/or wreak havoc on the computer systems themselves. Generally, the different types of software that seek to exploit security holes can be termed “malware,” and may be categorized into groups including viruses, worms, adware, spyware, and others.
Many different products have attempted to protect computer systems and their associated data from attack by malware. One such approach is the use of anti-malware programs such as McAfee AntiVirus, McAfee Internet Security, and McAfee Total Protection. Some anti-malware programs rely on the use of malware signatures for detection. These signatures may be based on the identity of previously identified malware or on some hash of the malware file or other structural identifier. Another approach for identifying malware is based on the behavior of a file. For example, anti-malware software may monitor an electronic device for processes attempting to access restricted portions of memory.
These approaches, however, rely on static signatures and/or a large amount of processing power to track process behavior. Additionally, signature databases can become exceedingly large as more and more malware is identified. Further, small changes to malware files may defeat attempts to lower the size of signature databases, as the hash of a slightly modified malware file may be different from the original hash. Hardware issues may also arise, as a consistent network connection may be required to ensure the most recent versions of malware signatures are available. Finally, reliance on signatures can make a system vulnerable to zero-day attacks: attacks by previously unidentified malware.